Commit Graph

66 Commits

Author SHA1 Message Date
Peter Seiderer
89a3f73910 package/wget: bump version to 1.12.1
- update/fix signing key hash

For details see [1], [2].

[1] https://lists.gnu.org/archive/html/info-gnu/2020-12/msg00013.html
[2] https://lists.gnu.org/archive/html/info-gnu/2021-01/msg00007.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-14 11:59:08 +01:00
Matt Weber
63332c33aa package: provide CPE ID details for numerous packages
This patch adds CPE ID information for a significant number of
packages.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-04 21:43:54 +01:00
Bernd Kuhls
a3460121b1 package/wget: add optional dependency to libiconv
wget has an optional dependency to libiconv:
http://git.savannah.gnu.org/cgit/wget.git/tree/configure.ac#n344

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-12 15:49:05 +02:00
Peter Korsgaard
d732da7a20 package/wget: security bump to version 1.20.3
Fixes CVE-2019-5953: Buffer overflow vulnerability

For more details, see the announcement:
https://lists.gnu.org/archive/html/bug-wget/2019-04/msg00015.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-06 19:13:11 +02:00
Peter Korsgaard
c21d440c8a package/wget: security bump to version 1.20.2
From NEWS:

* Changes in Wget 1.20.2
** Fixed a buffer overflow vulnerability

For more details, see the announcement:
https://lists.gnu.org/archive/html/info-gnu/2019-04/msg00000.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-04-03 21:32:30 +02:00
Baruch Siach
8fe075d9d9 package/wget: add optional dependency on pcre/pcre2
Default to pcre2 to mimic upstream configure.ac.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-12-30 17:10:13 +01:00
Baruch Siach
5201daf40f package/wget: bump to version 1.20.1
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-12-30 17:09:27 +01:00
Yann E. MORIN
0e3240ddcc package/busybox: invert dependency with wget
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-07-08 12:22:14 +02:00
Peter Korsgaard
8b0fd3cb49 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-06-02 11:21:20 +02:00
Fabrice Fontaine
4d71ef3cf6 wget: add optional dependency for libidn2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-20 16:10:53 +02:00
Baruch Siach
cc39457fb9 wget: security bump to version 1.19.5
Fixes CVE-2018-0494: cookie injection vulnerability.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-13 22:27:05 +02:00
Baruch Siach
56057835f6 wget: bump to version 1.19.4
Update license hash; s/http/https/ of in-text URLs.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-02-08 22:04:53 +01:00
Peter Korsgaard
aff7673602 wget: add optional zlib support
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:10:11 +02:00
Peter Korsgaard
86eb94636e wget: security bump to version 1.19.2
Fixes the following security issues:

CVE-2017-13089: The http.c:skip_short_body() function is called in some
circumstances, such as when processing redirects.  When the response is sent
chunked, the chunk parser uses strtol() to read each chunk's length, but
doesn't check that the chunk length is a non-negative number.  The code then
tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but
ends up passing the negative chunk length to connect.c:fd_read().  As
fd_read() takes an int argument, the high 32 bits of the chunk length are
discarded, leaving fd_read() with a completely attacker controlled length
argument.

CVE-2017-13090: The retr.c:fd_read_body() function is called when processing
OK responses.  When the response is sent chunked, the chunk parser uses
strtol() to read each chunk's length, but doesn't check that the chunk
length is a non-negative number.  The code then tries to read the chunk in
pieces of 8192 bytes by using the MIN() macro, but ends up passing the
negative chunk length to retr.c:fd_read().  As fd_read() takes an int
argument, the high 32 bits of the chunk length are discarded, leaving
fd_read() with a completely attacker controlled length argument.  The
attacker can corrupt malloc metadata after the allocated buffer.

Drop now upstreamed patch and change to .tar.lz as .tar.xz is no longer
available.

Also add a hash for the license file while we're at it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 09:10:05 +02:00
Rahul Bedarkar
337aa51f3f boot, package: use SPDX short identifier for GPLv3/GPLv3+
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for GPLv3/GPLv3+ is GPL-3.0/GPL-3.0+.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv3\>/GPL-3.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:17:59 +02:00
Thomas Petazzoni
c36f0d65ad wget: bump to 1.19.1 to fix build issue
Due to the patches we have on wget 1.19, we need to
autoreconf. Unfortunately, when the autoreconfiguration process occurs
with host-gettext already built and installed, the build of wget fails
with a fairly weird error:

In file included from str-two-way.h:44:0,
                 from c-strcasestr.c:37:
./stdint.h:89:5: error: #if with no expression
 #if

As explained in http://git.net/ml/bug-gnulib-gnu/2017-01/msg00067.html
and the links pointed by this page, this is due to an incompatibility
between the newer version of gnulib used in wget, and an older .m4 file
in gettext.

In the context of Buildroot, the easiest way to avoid the issue is to
not autoreconf wget. The wget project has conveniently released a 1.19.1
release, which contains our two patches, plus just one small feature
addition. It is therefore reasonable to apply this as a solution to this
build issue.

Fixes:

  http://autobuild.buildroot.net/results/b62ac6fd5ce36453935c309e112262467cf0e3bf/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-13 22:13:09 +01:00
Rahul Bedarkar
7d50d52c37 wget: add upstream patch to fix build failure
Fixes:
  http://autobuild.buildroot.net/results/c86/c8657563e63e1012a3ae3c0c47663a951e280022

Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-11 15:17:41 +01:00
Vicente Olivert Riera
f90de82251 wget: bump version to 1.19
package/wget/0001-utils-rename-base64_-encode-decode.patch already
included in this release, so drop it:
  http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e4e9d3c1c801190b5c8232284b26d170924b1696

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-02-06 15:54:39 +01:00
Rahul Bedarkar
2f257ec7d7 wget: fix ssl detection in static libs configuration
When building wget with openssl in static libs configuration, wget
build system fails detect openssl because it doesn't specify LD flags
for private libs used by openssl. This specifically happens when we
pass --with-libssl-prefix to configure which tries to find ssl using
custom flags. If we don't specify --with-libssl-prefix, it relies on
pkg-config files to detect ssl and it's LD flags which helps with static
linking.

This commit removes --with-libssl-prefix conf opts. Since this case is
similar to gnutls, we remove same conf opts for gnutls as well.

wget can be built with either gnutls or openssl crypto libraries, so
separate optional support for both is not required. This commit also
does minor optimization by checking for either gnutls or openssl while
at it.

Fixes:
  http://autobuild.buildroot.net/results/c6a/c6abdff37b86471cf8b0ceffeff5472042923de0/

Signed-off-by: Rahul Bedarkar <rahul.bedarkar@imgtec.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-11 22:11:57 +01:00
Gustavo Zacarias
1ed645f343 wget: security bump to version 1.18
Fixes:
CVE-2016-4971 - By default, on server redirects to a FTP resource, use
the original URL to get the local file name.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-10 00:13:29 +02:00
Gustavo Zacarias
bada891fdb wget: bump to version 1.17.1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-12-12 12:02:41 +01:00
Jerzy Grzegorek
bd8c733fb4 packages: indentation cleanup
This commit doesn't touch infra packages.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-31 13:57:41 +02:00
Gustavo Zacarias
c3df14db89 wget: bump to version 1.16.3
Fixes a regression of quiet mode not being quiet.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-09 14:05:18 +01:00
Vicente Olivert Riera
cd4cd676b5 wget: bump version to 1.16.2
- Bump version to 1.16.2
- Update the hash file

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-03-02 23:47:20 +01:00
Gustavo Zacarias
ca0a1844ae wget: add host-pkgconf dependency
Uses pkgconfig since 1.16.1+ to find libraries.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-10 21:25:04 +01:00
Vicente Olivert Riera
cc6d880ca4 wget: bump version to 1.16.1
- Bump version to 1.16.1
- Update hash file

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-08 18:48:14 +01:00
Gustavo Zacarias
e9faa850c1 wget: bump to version 1.16
Add hash file.
And drop autoreconf/gettextize/patch, it's upstream now.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-27 17:49:38 +01:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Yann E. MORIN
70c2514b8a package/wget: use the new gettextize infra
Instead of using a custom hook to gettextize wget, use the new
gettextize infra we just added in the previous patch.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-17 09:49:49 +02:00
Peter Korsgaard
faa9e1a6bb wget: add optional libuuid dependency
Reported-by: Alexander Potashev <a.potashev@geoscan.aero>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-07-01 13:28:33 +02:00
Yann E. MORIN
86c32446c6 wget: fix host-gettext build dependency race
Currently, the gettextization of wget works by chance:
  - host-gettext is added as a dependency to wget;
  - gettextize is run as a post-patch hook.

But the dependencies are only guaranteed to be built and installed
for the configure step, not the patch step. Because post-patch hooks
are part of the patch step, we have no guarantee that the dependency
to host-gettext is done by the time we gettextize wget.

This happens to work by chance, since wget sorts alphabetically after
gettext, so we indeed have host-gettext built and installed by the
time we need to gettextize wget.

This is prone to fail in the parallel build case, since we can no
longer rely on alphabetical order in that case.

Instead, run gettextize in PRE_CONFIGURE_HOOKS to avoid the race.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
[baruch: make the fix independent from the gettextize infra]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-04-24 00:19:27 +02:00
Gustavo Zacarias
f8a2497287 wget: fix autoreconf brokeness
Fix failed AUTORECONF under certain circumstances where gettext infra is
much newer (>= 0.18) than what wget source expects (~ 0.17).
Do this by gettextizing the source before AUTORECONFing.
If this becomes common we may need a FOO_GETTEXTIZE generic option, but
for now this seems to be the only package that needs so. Fixes:
http://autobuild.buildroot.net/results/c0f/c0f7c801f61fdc310cde64342060b00a70155431/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-04-03 20:12:46 +02:00
Baruch Siach
84bf8f04c6 wget: fix build against uclibc snapshot
Same fix as a728e2fe3 (coreutils: fix build against uclibc snapshot).

uClibc development version adds support for POSIX spawn routines. However,
unlike glibc these routines are in librt. This breaks gnulib autoconf
detection. Teach gnulib autoconf to look for POSIX spawn in librt.

Fixes:
http://autobuild.buildroot.net/results/bc20297dad0f0e9b7fa79fe835b9754fbce6dfdf/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-03-03 21:25:13 +01:00
Gustavo Zacarias
425649fb32 wget: bump to version 1.15
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-21 15:39:16 +01:00
Jerzy Grzegorek
62146ea3ad change package tarball compression to xz whenever possible
[Peter: leave change xz tarball format to not end up with circular deps]
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-09-08 22:44:23 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Gustavo Zacarias
61d1f013d9 wget: bump to version 1.14
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-08-24 23:48:46 +02:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Gustavo Zacarias
b79ab02d46 wget: bump to version 1.13.4 and improvements
* Bump wget to version 1.13.4
* Enable wget again on !wchar toolchains
* Enable support for gnutls

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-10-15 23:20:28 +02:00
Thomas Petazzoni
300f9c9c9d package: remove useless arguments from AUTOTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:12:27 +02:00
Peter Korsgaard
a96be19bc3 package: remove redundant DISABLE_{IPV6,NLS,LARGEFILE} configure args
Makefile.autotools.in automatically adds these to the configure invocation,
so there's no need to explicitly list them.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-03-22 14:29:00 +01:00
Gustavo Zacarias
8fe6cc98d9 wget: bump to 1.12 and migrate to Makefile.autotools.in
Closes .

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-03-22 14:07:30 +01:00
Peter Korsgaard
3fdf0bffb8 buildroot: silence ./configure step when building with 'make -s'
We have been passing -q to ./configure when using 'make -s' for
packages using Makefile.autotools.in for some time. Do the same
for packages using autotools, but not using the
Makefile.autotools.in infrastructure, taking care to not do it
for packages with hand written configure scripts.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-10-01 21:24:42 +02:00
Will Newton
422ce6536b package: Remove unnecessary dependencies on uclibc.
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.

Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-09-03 20:22:38 +02:00
Peter Korsgaard
4a7bfd2775 package/: convert to DOWNLOAD helper 2009-01-16 11:42:52 +00:00
Peter Korsgaard
ac1d92c425 package/: get rid of unneeded $(strip ..) 2008-12-08 08:15:27 +00:00
Hamish Moffatt
af510f4e19 Applied patch from Nathanael D. Noblet <nathanael@gnat.ca> to fix
broken GNU download paths. Also fix gnuchess, xboard and classpath
packages to use $(BR2_GNU_MIRROR) rather than hardcoded urls.
2008-03-26 03:28:09 +00:00
Peter Korsgaard
efa0423110 buildroot: Use BR2_GNU_MIRROR everywhere
Patch by Nigel Kukard.
2008-03-11 08:17:17 +00:00
John Voltz
8a44ae675b cleanup wget makefile 2008-03-06 18:29:06 +00:00
Hamish Moffatt
03d6531962 Run $(CONFIG_UPDATE) after unpacking sources
Patch from Dan Nicolaescu
2008-02-12 00:35:03 +00:00